[exim] Re: Exim Zero Day?

Top Page
Delete this message
Reply to this message
Author: Christof Meerwald
Date:  
To: Slavko, Slavko via Exim-users
Subject: [exim] Re: Exim Zero Day?
On Sun, 01 Oct 2023 19:50:43 +0000, Slavko via Exim-users wrote:
> Dňa 1. októbra 2023 17:49:26 UTC používateľ Rainer Dorsch via Exim-users <exim-users@???> napísal:
>>I stopped the exim4 service on servers with port 25 accessible from the
>>internet
>
> Please why?
>
> + do you use AUTH (NTLM/EXTERNAL) on port 25?


This was only officially confirmed today (which is very unfortunate),
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ just had
"(0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution
Vulnerability"

When I looked at it yesterday I eventually found enough information
that suggested it's only exploitable with "AUTH EXTERNAL", so wasn't
worried after I found that. But until then I was actually quite
worried as well.


Christof

-- 

https://cmeerw.org                             sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/